mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-04-12 23:04:33 +00:00
6031a1219b
Docker 26+ configures networking after the Start response rather than through prestart hooks, which means the network namespace may not have any interfaces when the sandbox is first created. This is the runtime-rs counterpart of the Go runtime fix in PR #12754. Three changes are made: 1. Discover Docker's pre-created network namespace from OCI hook args (libnetwork-setkey) during sandbox creation, avoiding a placeholder netns when the real one is already available. 2. Add an async rescan_network method to VirtSandbox that polls the network namespace for up to 5 seconds (50ms interval) looking for late-appearing interfaces, then pushes them to the guest agent. 3. Spawn the async rescan after StartProcess for sandbox containers, matching the timing of the Go runtime's RescanNetwork goroutine. Fixes: #9340 Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com> Made-with: Cursor
418 lines
14 KiB
YAML
418 lines
14 KiB
YAML
name: CI | Basic amd64 tests
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
tarball-suffix:
|
|
required: false
|
|
type: string
|
|
commit-hash:
|
|
required: false
|
|
type: string
|
|
target-branch:
|
|
required: false
|
|
type: string
|
|
default: ""
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
run-containerd-sandboxapi:
|
|
name: run-containerd-sandboxapi
|
|
strategy:
|
|
# We can set this to true whenever we're 100% sure that
|
|
# the all the tests are not flaky, otherwise we'll fail
|
|
# all the tests due to a single flaky instance.
|
|
fail-fast: false
|
|
matrix:
|
|
containerd_version: ['active']
|
|
vmm: ['dragonball', 'cloud-hypervisor', 'qemu-runtime-rs']
|
|
# TODO: enable me when https://github.com/containerd/containerd/issues/11640 is fixed
|
|
if: false
|
|
runs-on: ubuntu-22.04
|
|
env:
|
|
CONTAINERD_VERSION: ${{ matrix.containerd_version }}
|
|
GOPATH: ${{ github.workspace }}
|
|
KATA_HYPERVISOR: ${{ matrix.vmm }}
|
|
SANDBOXER: "shim"
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
ref: ${{ inputs.commit-hash }}
|
|
fetch-depth: 0
|
|
persist-credentials: false
|
|
|
|
- name: Rebase atop of the latest target branch
|
|
run: |
|
|
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
|
|
env:
|
|
TARGET_BRANCH: ${{ inputs.target-branch }}
|
|
|
|
- name: Install yq
|
|
run: |
|
|
./ci/install_yq.sh
|
|
env:
|
|
INSTALL_IN_GOPATH: false
|
|
|
|
- name: Read properties from versions.yaml
|
|
run: |
|
|
go_version="$(yq '.languages.golang.version' versions.yaml)"
|
|
[ -n "$go_version" ]
|
|
echo "GO_VERSION=${go_version}" >> "$GITHUB_ENV"
|
|
|
|
- name: Setup Golang version ${{ env.GO_VERSION }}
|
|
uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
|
|
with:
|
|
go-version: ${{ env.GO_VERSION }}
|
|
|
|
- name: Install dependencies
|
|
run: bash tests/integration/cri-containerd/gha-run.sh install-dependencies
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
|
|
- name: get-kata-tarball
|
|
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
|
with:
|
|
name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
|
|
path: kata-artifacts
|
|
|
|
- name: Install kata
|
|
run: bash tests/integration/cri-containerd/gha-run.sh install-kata kata-artifacts
|
|
|
|
- name: Run containerd-sandboxapi tests
|
|
timeout-minutes: 10
|
|
run: bash tests/integration/cri-containerd/gha-run.sh run
|
|
|
|
run-containerd-stability:
|
|
name: run-containerd-stability
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
containerd_version: ['lts', 'active']
|
|
vmm: ['clh', 'cloud-hypervisor', 'dragonball', 'qemu', 'qemu-runtime-rs']
|
|
runs-on: ubuntu-22.04
|
|
env:
|
|
CONTAINERD_VERSION: ${{ matrix.containerd_version }}
|
|
GOPATH: ${{ github.workspace }}
|
|
KATA_HYPERVISOR: ${{ matrix.vmm }}
|
|
SANDBOXER: "podsandbox"
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
ref: ${{ inputs.commit-hash }}
|
|
fetch-depth: 0
|
|
persist-credentials: false
|
|
- name: Rebase atop of the latest target branch
|
|
run: |
|
|
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
|
|
env:
|
|
TARGET_BRANCH: ${{ inputs.target-branch }}
|
|
|
|
- name: Install dependencies
|
|
run: bash tests/stability/gha-run.sh install-dependencies
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
|
|
- name: get-kata-tarball
|
|
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
|
with:
|
|
name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
|
|
path: kata-artifacts
|
|
|
|
- name: Install kata
|
|
run: bash tests/stability/gha-run.sh install-kata kata-artifacts
|
|
|
|
- name: Run containerd-stability tests
|
|
timeout-minutes: 15
|
|
run: bash tests/stability/gha-run.sh run
|
|
|
|
run-nydus:
|
|
name: run-nydus
|
|
strategy:
|
|
# We can set this to true whenever we're 100% sure that
|
|
# the all the tests are not flaky, otherwise we'll fail
|
|
# all the tests due to a single flaky instance.
|
|
fail-fast: false
|
|
matrix:
|
|
containerd_version: ['lts', 'active']
|
|
vmm: ['clh', 'qemu', 'dragonball', 'qemu-runtime-rs']
|
|
runs-on: ubuntu-22.04
|
|
env:
|
|
CONTAINERD_VERSION: ${{ matrix.containerd_version }}
|
|
GOPATH: ${{ github.workspace }}
|
|
KATA_HYPERVISOR: ${{ matrix.vmm }}
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
ref: ${{ inputs.commit-hash }}
|
|
fetch-depth: 0
|
|
persist-credentials: false
|
|
|
|
- name: Rebase atop of the latest target branch
|
|
run: |
|
|
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
|
|
env:
|
|
TARGET_BRANCH: ${{ inputs.target-branch }}
|
|
|
|
- name: Install dependencies
|
|
run: bash tests/integration/nydus/gha-run.sh install-dependencies
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
|
|
- name: get-kata-tarball
|
|
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
|
with:
|
|
name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
|
|
path: kata-artifacts
|
|
|
|
- name: get-kata-tools-tarball
|
|
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
|
with:
|
|
name: kata-tools-static-tarball-amd64${{ inputs.tarball-suffix }}
|
|
path: kata-tools-artifacts
|
|
|
|
- name: Install kata
|
|
run: bash tests/integration/nydus/gha-run.sh install-kata kata-artifacts
|
|
|
|
- name: Install kata-tools
|
|
run: bash tests/integration/nydus/gha-run.sh install-kata-tools kata-tools-artifacts
|
|
|
|
- name: Run nydus tests
|
|
timeout-minutes: 10
|
|
run: bash tests/integration/nydus/gha-run.sh run
|
|
|
|
run-tracing:
|
|
name: run-tracing
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
vmm:
|
|
- clh # cloud-hypervisor
|
|
- qemu
|
|
# TODO: enable me when https://github.com/kata-containers/kata-containers/issues/9763 is fixed
|
|
# TODO: Transition to free runner (see #9940).
|
|
if: false
|
|
runs-on: garm-ubuntu-2204-smaller
|
|
env:
|
|
KATA_HYPERVISOR: ${{ matrix.vmm }}
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
ref: ${{ inputs.commit-hash }}
|
|
fetch-depth: 0
|
|
persist-credentials: false
|
|
|
|
- name: Rebase atop of the latest target branch
|
|
run: |
|
|
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
|
|
env:
|
|
TARGET_BRANCH: ${{ inputs.target-branch }}
|
|
|
|
- name: Install dependencies
|
|
run: bash tests/functional/tracing/gha-run.sh install-dependencies
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
|
|
- name: get-kata-tarball
|
|
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
|
with:
|
|
name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
|
|
path: kata-artifacts
|
|
|
|
- name: Install kata
|
|
run: bash tests/functional/tracing/gha-run.sh install-kata kata-artifacts
|
|
|
|
- name: Run tracing tests
|
|
timeout-minutes: 15
|
|
run: bash tests/functional/tracing/gha-run.sh run
|
|
|
|
run-vfio:
|
|
name: run-vfio
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
vmm:
|
|
- clh
|
|
- qemu
|
|
# TODO: enable with clh when https://github.com/kata-containers/kata-containers/issues/9764 is fixed
|
|
# TODO: enable with qemu when https://github.com/kata-containers/kata-containers/issues/9851 is fixed
|
|
# TODO: Transition to free runner (see #9940).
|
|
if: false
|
|
runs-on: garm-ubuntu-2304
|
|
env:
|
|
GOPATH: ${{ github.workspace }}
|
|
KATA_HYPERVISOR: ${{ matrix.vmm }}
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
ref: ${{ inputs.commit-hash }}
|
|
fetch-depth: 0
|
|
persist-credentials: false
|
|
|
|
- name: Rebase atop of the latest target branch
|
|
run: |
|
|
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
|
|
env:
|
|
TARGET_BRANCH: ${{ inputs.target-branch }}
|
|
|
|
- name: Install dependencies
|
|
run: bash tests/functional/vfio/gha-run.sh install-dependencies
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
|
|
- name: get-kata-tarball
|
|
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
|
with:
|
|
name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
|
|
path: kata-artifacts
|
|
|
|
- name: Run vfio tests
|
|
timeout-minutes: 15
|
|
run: bash tests/functional/vfio/gha-run.sh run
|
|
|
|
run-docker-tests:
|
|
name: run-docker-tests
|
|
strategy:
|
|
# We can set this to true whenever we're 100% sure that
|
|
# all the tests are not flaky, otherwise we'll fail them
|
|
# all due to a single flaky instance.
|
|
fail-fast: false
|
|
matrix:
|
|
vmm:
|
|
- qemu
|
|
- qemu-runtime-rs
|
|
runs-on: ubuntu-22.04
|
|
env:
|
|
KATA_HYPERVISOR: ${{ matrix.vmm }}
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
ref: ${{ inputs.commit-hash }}
|
|
fetch-depth: 0
|
|
persist-credentials: false
|
|
|
|
- name: Rebase atop of the latest target branch
|
|
run: |
|
|
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
|
|
env:
|
|
TARGET_BRANCH: ${{ inputs.target-branch }}
|
|
|
|
- name: Install dependencies
|
|
run: bash tests/integration/docker/gha-run.sh install-dependencies
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
|
|
- name: get-kata-tarball
|
|
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
|
with:
|
|
name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
|
|
path: kata-artifacts
|
|
|
|
- name: Install kata
|
|
run: bash tests/integration/docker/gha-run.sh install-kata kata-artifacts
|
|
|
|
- name: Run docker smoke test
|
|
timeout-minutes: 5
|
|
run: bash tests/integration/docker/gha-run.sh run
|
|
|
|
run-nerdctl-tests:
|
|
name: run-nerdctl-tests
|
|
strategy:
|
|
# We can set this to true whenever we're 100% sure that
|
|
# all the tests are not flaky, otherwise we'll fail them
|
|
# all due to a single flaky instance.
|
|
fail-fast: false
|
|
matrix:
|
|
vmm:
|
|
- clh
|
|
- dragonball
|
|
- qemu
|
|
- cloud-hypervisor
|
|
- qemu-runtime-rs
|
|
runs-on: ubuntu-22.04
|
|
env:
|
|
KATA_HYPERVISOR: ${{ matrix.vmm }}
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
ref: ${{ inputs.commit-hash }}
|
|
fetch-depth: 0
|
|
persist-credentials: false
|
|
|
|
- name: Rebase atop of the latest target branch
|
|
run: |
|
|
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
|
|
env:
|
|
TARGET_BRANCH: ${{ inputs.target-branch }}
|
|
|
|
- name: Install dependencies
|
|
env:
|
|
GITHUB_API_TOKEN: ${{ github.token }}
|
|
GH_TOKEN: ${{ github.token }}
|
|
run: bash tests/integration/nerdctl/gha-run.sh install-dependencies
|
|
|
|
- name: get-kata-tarball
|
|
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
|
with:
|
|
name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
|
|
path: kata-artifacts
|
|
|
|
- name: Install kata
|
|
run: bash tests/integration/nerdctl/gha-run.sh install-kata kata-artifacts
|
|
|
|
- name: Run nerdctl smoke test
|
|
timeout-minutes: 5
|
|
run: bash tests/integration/nerdctl/gha-run.sh run
|
|
|
|
- name: Collect artifacts ${{ matrix.vmm }}
|
|
if: always()
|
|
run: bash tests/integration/nerdctl/gha-run.sh collect-artifacts
|
|
continue-on-error: true
|
|
|
|
- name: Archive artifacts ${{ matrix.vmm }}
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
with:
|
|
name: nerdctl-tests-garm-${{ matrix.vmm }}
|
|
path: /tmp/artifacts
|
|
retention-days: 1
|
|
|
|
run-kata-agent-apis:
|
|
name: run-kata-agent-apis
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
ref: ${{ inputs.commit-hash }}
|
|
fetch-depth: 0
|
|
persist-credentials: false
|
|
|
|
- name: Rebase atop of the latest target branch
|
|
run: |
|
|
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
|
|
env:
|
|
TARGET_BRANCH: ${{ inputs.target-branch }}
|
|
|
|
- name: Install dependencies
|
|
run: bash tests/functional/kata-agent-apis/gha-run.sh install-dependencies
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
|
|
- name: get-kata-tarball
|
|
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
|
with:
|
|
name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
|
|
path: kata-artifacts
|
|
|
|
- name: get-kata-tools-tarball
|
|
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
|
with:
|
|
name: kata-tools-static-tarball-amd64${{ inputs.tarball-suffix }}
|
|
path: kata-tools-artifacts
|
|
|
|
- name: Install kata & kata-tools
|
|
run: |
|
|
bash tests/functional/kata-agent-apis/gha-run.sh install-kata kata-artifacts
|
|
bash tests/functional/kata-agent-apis/gha-run.sh install-kata-tools kata-tools-artifacts
|
|
|
|
- name: Run kata agent api tests with agent-ctl
|
|
run: bash tests/functional/kata-agent-apis/gha-run.sh run
|